The Tea app, a platform that lets women anonymously review men they date, is at the center of a massive data breach. With over 72,000 images leaked—including 13,000 selfies and ID photos—users are now questioning how secure their data really is. The app is currently #1 on the App Store, but this shocking leak raises serious concerns about online privacy, identity verification, and app security.
What Is the Tea App?
Tea is an app designed to help women date safely. It allows users to:
-
Review and research men anonymously
-
Access background checks
-
Share experiences with other users
It promises that women using the platform will stay anonymous, which is especially important for those who’ve faced abuse or harmful relationships in the past.
But now, that promise is being questioned.
What Happened in the Tea App Data Breach?
According to 404 Media, the Tea app’s identity verification system was breached. A user on 4chan initially posted that thousands of private images were exposed—including:
-
13,000 selfies and photo IDs
-
59,000 images from app posts and private messages
These images were reportedly stored in a Firebase bucket (a cloud storage system used by app developers), and the bucket had no protection or password. In other words, anyone could access it.
404 Media didn’t download the images, but confirmed the Firebase bucket was real and matched the 4chan post.
Tea later confirmed the breach, saying the data was originally stored to comply with law enforcement rules related to cyberbullying. Still, this explanation didn’t satisfy experts or the public.
Why This Is a Huge Problem
The breach affects real women who sent the app their faces and government-issued IDs. These women expected their images to be deleted after verification, just as the Tea app’s privacy policy promised. But clearly, that didn’t happen.
If this is true, then the app violated its own privacy rules.
Even worse, people online now have access to:
-
Personal selfies
-
Government ID photos
-
Private conversations
-
Photos from app posts
For many women, especially survivors of domestic abuse or stalking, this is more than a privacy violation—it could be dangerous.
A Pattern of Unsafe Identity Verification
This isn’t the first time this has happened.
In 2023, Yoti, a top age verification service used by major tech companies, also suffered a breach. These are not one-off accidents. They are part of a growing trend.
Apps and websites increasingly require you to:
-
Upload selfies
-
Scan your driver’s license
-
Share your Social Security Number
And when that data is stored carelessly or left unprotected, it becomes a goldmine for hackers and scammers.
Why Mandating Age and ID Verification Is Risky
Governments and companies often argue that age and ID checks are needed to protect users—especially kids online.
But here’s the truth:
“Every time a site asks for your ID or face scan, you are putting your identity at risk.”
No matter what privacy policy they show you, there is no way to know if the data will:
-
Be stored securely
-
Be deleted after use
-
Be shared or sold
And even companies with “good” security can still be hacked.
What This Means for You
If you use dating apps, gaming sites, or any service asking for an ID, think twice. Ask yourself:
-
Is this app trustworthy?
-
Do I really need to upload my ID to use it?
-
What happens if my info is leaked?
Because if the #1 app on the App Store can’t protect user data, it’s hard to trust smaller or newer apps either.
What Should Be Done?
There are a few things developers and lawmakers should consider immediately:
-
Stop storing sensitive data unnecessarily
If verification is complete, delete the data. -
Audit security systems regularly
Open Firebase buckets, like the one Tea used, should never happen. -
Give users more control over their data
Let people opt out of ID verification when possible. -
Lawmakers should reconsider ID mandates
Policies that require uploading a driver’s license to every app will only increase risks.
Final Thoughts
The Tea app data breach is not just another hacking story. It’s a warning that digital safety norms are failing—and that putting trust in apps without checking their security practices can have serious consequences.
As more apps demand ID and face scans, users need to be more cautious and governments need to slow down mandates. Safety doesn’t come from uploading more data—it comes from protecting the data we’ve already given.
If you were affected or want to speak with the article’s author, please contact:
pr@rstreet.org
Sources & Further Reading: